使用PDO :: query和mysql_query有什么安全好处? [英] Are there any security benefits to using PDO::query vs. mysql_query?

问题描述

我正在寻求重构一些旧的PHP代码，并且我知道PDO通过添加预处理语句等会更安全，但是我想知道使用PDO::query()方法与使用.c0方法是否有任何安全性好处. mysql_query()方法.有吗?

I'm looking to refactor some legacy PHP code, and I know that PDO is more secure with the addition of prepared statements and such, but I am wondering if there are any security benefits of using the PDO::query() method vs. the mysql_query() method. Are there?

推荐答案

PDO或mysql_ *中的错误简短，数据库查询的安全性问题取决于所运行的查询，而不是用于连接数据库的内容

Short of a bug in PDO or mysql_*, the security issues with database queries are dependent on the query being ran, not what is used to connect to the database.

如果使用userdata创建一个不安全的查询并使用PDO::query()执行它，则它与使用mysql_query()一样不安全.同样，如果您有一个安全的查询，则使用PDO::query()运行该查询实际上与使用mysql_query()进行相同.

If you create an insecure query with userdata and execute it with PDO::query(), it is just as insecure as it is with mysql_query(). Likewise, if you have a secure query, running it with PDO::query() is effectively the same as with mysql_query().

这篇关于使用PDO :: query和mysql_query有什么安全好处?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！